Always use an updated browser. The main browsers of today update automatically either transparently to the user or through notifications that must be approved. Automatic operating system updates must also be enabled.
Check that plugins and extensions are set to update automatically. Also, make sure that the installation of these add-ons is done from trusted sources.
It is advisable to review the security and privacy options of the browser. Current browsers offer useful measures such as: not accepting third-party cookies, blocking pop-ups, avoiding password synchronization, avoiding autocompletion, deleting temporary files and cookies when closing the browser, blocking geolocation, filtering ActiveX, etc.
It is recommended to use HTTPS (SSL / TLS) over HTTP even for those services that do not handle sensitive information. Features exist that help enforce the preferential use of HTTPS over HTTP during web browsing.
It is recommended to protect the browser and add-ons with solutions that prevent the exploitation of security weaknesses, mitigating possible attacks from programs that try to exploit them. In some cases, these types of tools may protect the user against “0-days”. This solution should not be viewed as a substitute for antivirus but as an additional layer of security.
Protect your passwords: do not disclose them to third parties in writing or verbally, change your password periodically, and never respond to password requests that come to you by email.
Use combinations of numbers, letters, and symbols for your passwords. Do not store passwords by default through the browser; use more secure tools to manage them (for example, password managers that implement strong encryption). If you decide to store them in the browser, it is important to use a master key that encrypts the credential repository.
It is important to verify that the certificates presented by HTTPS services that handle sensitive information have been issued by a trusted CA. Any errors or alerts generated by the browser as a consequence of certificate validation (for example, self-signed certificates) should be carefully reviewed.
To improve security against man-in-the-middle attacks, the use of “Certificate Pinning” policies is recommended.
Consider the use of additional extensions or add-ons that implement functionalities not covered by the browser. For example, those that improve privacy during navigation or that block, as far as possible, ads, advertising banners and certain tracking techniques used by third parties.
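The certificate validation and “Certificate Pinning” recommendations above can be combined in a client, as this added example shows (it is not part of the original list). It assumes the pin is a SHA-256 fingerprint of the whole server certificate, a simplification of pinning the public key; the function names and sample byte strings are constructed for illustration.

```python
import base64
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """Base64 SHA-256 digest of a DER-encoded certificate."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def pin_matches(der_cert: bytes, pins: set) -> bool:
    """True if the certificate's fingerprint equals one of the pinned values."""
    seen = fingerprint(der_cert)
    matched = False
    for pin in pins:  # check every pin; compare_digest is constant-time
        matched |= hmac.compare_digest(seen, pin)
    return matched


def connect_pinned(host: str, pins: set, port: int = 443, timeout: float = 5.0) -> str:
    """Open a TLS connection that must pass CA validation AND the pin check."""
    if not pins:
        raise ValueError("refusing to connect with an empty pin set")
    # The default context verifies the chain against trusted CAs and checks
    # the hostname; pinning is an extra layer on top, not a replacement.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, pins):
                raise ssl.SSLError(f"certificate for {host} does not match any pin")
            return tls.version()


# Constructed stand-ins for DER certificates (not real certificates).
CURRENT_CERT = b"constructed-der-bytes-current"
BACKUP_CERT = b"constructed-der-bytes-backup"
SUBSTITUTED_CERT = b"constructed-der-bytes-substituted"
# Pin the current certificate plus a backup so a planned rotation still validates.
PINS = {fingerprint(CURRENT_CERT), fingerprint(BACKUP_CERT)}

if __name__ == "__main__":
    print("current certificate accepted:", pin_matches(CURRENT_CERT, PINS))
    print("substituted certificate accepted:", pin_matches(SUBSTITUTED_CERT, PINS))
```

A certificate that chains to a trusted CA but is not in the pin set is still rejected, which is the case pinning adds over CA validation alone.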